By msmash from Slashdot's it's-finally-happening department:On Tuesday, Chrome started marking sites that don't use HTTPS as "not secure." From a report: First announced two years ago, Google said it would flag any site that still uses unencrypted HTTP to deliver its content in the latest version of Chrome, out Tuesday. It's part of the company's years-long effort effort to gradually nudge more webmasters and site owners into adopting HTTPS, a secure encryption standard for data in transit. Any site that doesn't load with green padlock or a "secure" message in the browser's address bar will be flagged -- and shamed -- as insecure. [...] According to nightly data compiled by security experts Troy Hunt and Scott Helme, roughly 100 of the top 500 websites are still serving their pages over unencrypted HTTP -- all of which will today be flagged as "insecure." Many of those sites -- like Baidu, JD.com, and Google.cn -- are Chinese language sites, but many popular Western sites -- including BBC.com, DailyMail.co.uk, and Fedex.com -- are HTTP. Of the top million sites, a little over half do not redirect to HTTPS. Chrome 68 also brings with it Page Lifecycle API, and the Payment Handler API. From a report: The Payment Handler API builds on the Payment Request API, which helped users check out online. The new API enables web-based payment apps to facilitate payments directly within the Payment Request experience, as seen above. As with every version, Chrome 68 includes an update to the V8 JavaScript engine: version 6.8. It reduces memory consumption as well as includes improvements to array destructuring, Object.assign, and TypedArray.prototype.sort. Check out the full list of changes for more information.

By msmash from Slashdot's fixing-things department:An anonymous reader shares a report: For a week, we have been seeing reports that the newly released MacBook Pros run hot, which all kicked off after this video by Dave Lee. They run so hot, in fact, that the very fancy 8th Gen Intel Core processors inside them were throttled down to below their base speed. Apple has acknowledged that thermal throttling is a real issue caused by a software bug, and it's issuing a software update today that is designed to address it. The company also apologized, writing, "We apologize to any customer who has experienced less than optimal performance on their new systems." Apple claims that it discovered the issue after further testing in the wake of Lee's video, which showed results that Apple hasn't seen in its own testing. In a call with The Verge, representatives said that the throttling was only exhibited under fairly specific, highly intense workloads, which is why the company didn't catch the bug before release. The bug affects every new generation of the MacBook Pro, including both the 13-inch and 15-inch sizes and all of the Intel processor configurations. It does not affect previous generations.

By msmash from Slashdot's up-next department:Millions of Americans have already scrapped traditional pay-TV service, and the exodus is expected to continue apace in 2018. From a report: This year, the number of cord-cutters in the U.S. -- consumers who have ever cancelled traditional pay-TV service and do not resubscribe -- will climb 32.8%, to 33.0 million adults, according to new estimates from research firm eMarketer. That's compared with a total of 24.9 million cord-cutters as of the end of 2017, which was up 43.6% year over year (and an upward revision from eMarketer's previous 22 million estimate). That said, even as the traditional pay-TV universe shrinks, the number of viewers accessing over-the-top, internet-delivered video services keeps growing. About 147.5 million people in the U.S. watch Netflix at least once per month, according to eMarketer's July 2018 estimates. That's followed by Amazon Prime Video (88.7 million), Hulu (55 million), HBO Now (17.1 million) and Dish's Sling TV (6.8 million).

By msmash from Slashdot's down-side department:Owen Williams, writing for Motherboard: The pursuit of thinner, lighter laptops, a trend driven by Apple, coinciding with laptops replacing desktops as our primary devices means we have screwed ourselves out of performance -- and it's not going to get better anytime soon. Thermal throttling is not something that Apple alone suffers from: every laptop out there will face thermal constraints at some point, but whether or not that's perceivable depends on a number of different variables including form factor and cooling capacity. When you're shopping for a laptop, you'll notice that manufacturers like Apple use phrases like "Turbo Boost" and "Up to 4.8 GHz" without really explaining what that means. The 4.8 GHz processor clock speed, which Apple quotes for the 15-inch MacBook Pro, is a 'best case' processor speed that's only achieved in short bursts when your computer requests it, subject to a number of conditions. If you're playing a game like Fortnite, for example, the game will request your processor provide faster performance, and the processor will attempt to increase its operating frequency gradually to deliver the maximum available performance within the thermal envelope of your machine. That maximum is restricted by both power and thermal limits, which is where we run into issues: laptops tend to get hot because they're thinner, with limited space to dissipate that heat through the use of fans and heatsinks.

By msmash from Slashdot's fool-me-once,-fool-me-twice department:Brian Krebs reports: Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses. According to a lawsuit filed last month in the Western District of Virginia, the first heist took place in late May 2016, after an employee at The National Bank of Blacksburg fell victim to a targeted phishing email. The email allowed the intruders to install malware on the victim's PC and to compromise a second computer at the bank that had access to the STAR Network, a system run by financial industry giant First Data that the bank uses to handle debit card transactions for customers. That second computer had the ability to manage National Bank customer accounts and their use of ATMs and bank cards.

By msmash from Slashdot's closer-look department:The British government broke the law by allowing spy agencies to amass data on UK citizens without proper oversight from the Foreign Office, an independent tribunal has ruled. From a report: GCHQ, the UK's electronic surveillance agency, was given vastly increased powers to obtain and analyze citizens' data after the 9/11 terrorist attacks in 2001, on the condition that it agreed to strict oversight from the foreign secretary. But according to the Investigatory Powers Tribunal, an independent court that was set up by the government to investigate unlawful intrusion by public bodies in the UK, the Foreign Office on several occasions gave GCHQ an effective "carte blanche" to demand data from telecoms and internet companies, which could include visited websites, location information and email contacts. In a judgment published on Monday, the tribunal said: "In cases in which ... the foreign secretary made a general direction which applied to all communications through the networks operated by the [communications service provider], there had been an unlawful delegation of the power. "The lack of legal control on the discretion of [GCHQ] is compounded in those cases where the specific requirement was not communicated in writing."

By BeauHD from Slashdot's latest-and-greatest department:An anonymous reader quotes a report from Appuals: ReactOS, the "free Windows clone" operating system, has pushed out ReactOS 0.4.9 just recently, which brings a whole slew of improvements. With this latest 0.4.9 version, ReactOS has become entirely self-hosting without any issues, which means ReactOS can fully build itself from within itself, it does not require any third-party operating system to compile ReactOS. Self-hosting was built into older ReactOS versions, but it came with a myriad of issues -- the system would become too stressed under memory usage and storage I/O loads. This was due to a flawed NT-compliant kernel. Additional improvements in ReactOS 0.4.9 include overall stability and performance enhancements. The hardware abstraction layer and the FastFAT drivers received significant attention, and FastFAT should no longer eat through the cache so fast it causes system crashes due to resource leakage. FastFAT has also been rewritten to trigger a "chkdsk" repair on dirty / corrupt volumes during boot detections. Some other quality improvements are the addition of a built-in zipfldr extension -- ReactOS can now natively unpackage zipped archives, without the need of a third-party tool like WinZip. The changelog can be viewed here.

By msmash from Slashdot's paying-the-price department:The European Commission imposed a fine of 111 million euros ($130 million) on four consumer electronic firms Tuesday, for fixing prices on their resold items. From a report: Asus, Denon & Marantz, Philips and Pioneer all limited the ability of online retailers to price items as they saw fit. The four manufacturers apparently threatened or sanctioned the online retailers who wouldn't comply with their price suggestions. "These well-known manufacturers of consumer electronics, they put pressure on online retailers to maintain higher prices. They did so during a period from 2011 and 2015," Margrethe Vestager, the European competition commissioner, said in a press conference Tuesday. "As a result of the actions taken by these four companies, millions of European consumers faced higher prices for kitchen appliances, hair dryers, notebook computers, headphones and many other products," Vestager said, adding that this behavior is "illegal under EU antitrust rules."

By BeauHD from Slashdot's first-of-its-kind department:Qualcomm announced its new QTM052 mmWave antenna modules that will enable 5G networks on select mobile phones. The penny-sized antenna array features four antennas that can accurately point toward the nearest 5G tower. It can even bounce signals off of surrounding surfaces, if needed. The Verge reports: The QTM052 is designed to be small enough that device manufacturers will be able to embed it into the bezel of a phone. Qualcomm's X50 5G modem is already designed to support up to four of the antenna arrays, one for each side of the phone, allowing for 16 total antennas and ensuring that no matter how you hold your phone, the signal won't get blocked. Qualcomm says that the first devices with the QTM052 antennas should be launching as early as the beginning of 2019 -- and hopefully, there'll be some actual 5G networks to use them with by then.

By BeauHD from Slashdot's too-hot-to-handle department:Amazon's Prime Day shopping event last week was riddled with glitches. Roughly 15 minutes into the sale, the landing page stopped working. Some users saw an error page featuring the "dogs of Amazon" and were never able to enter the site; others got caught in a loop of pages urging them to "Shop all deals." According to internal documents obtained by CNBC, it appears that Amazon failed to secure enough servers to handle the traffic surge, causing it to launch a scaled-down backup front page and temporarily kill off all international traffic. From the report: The e-commerce giant also had to add servers manually to meet the traffic demand, indicating its auto-scaling feature may have failed to work properly leading up to the crash, according to external experts who reviewed the documents. "Currently out of capacity for scaling," one of the updates said about the status of Amazon's servers, roughly an hour after Prime Day's launch. "Looking at scavenging hardware." A breakdown in an internal system called Sable, which Amazon uses to provide computation and storage services to its retail and digital businesses, caused a series of glitches across other services that depend on it, including Prime, authentication and video playback, the documents show.

By msmash from Slashdot's tussle-continues department:An anonymous reader shares a report: As WhatsApp scrambles to figure out technology solutions to address some of the problems its service has inadvertently caused in developing markets, India's government has proposed one of its own: bring traceability to the platform so false information can be traced to its source. But WhatsApp indicated to VentureBeat over the weekend that complying with that request would undermine the service's core value of protecting user privacy. "We remain deeply committed to people's privacy and security, which is why we will continue to maintain end-to-end encryption for all of our users," the company said. The request for traceability, which came from India's Ministry of Electronics & IT last week, was more than a suggestion. The Ministry said Facebook-owned WhatsApp would face legal actions if it failed to deliver. "When rumours and fake news get propagated by mischief mongers, the medium used for such propagation cannot evade responsibility and accountability. If they remain mute spectators they are liable to be treated as abettors and thereafter face consequent legal action," the government said. India is WhatsApp's largest market, with more than 250 million users. The country is struggling to contain the spread of fake news on digital platforms. Hoax messages and videos on the platform have incited multiple riots, costing more than two dozen lives in the country this year alone. Allowing message tracing, though, would likely undo the privacy and security that WhatsApp's one billion users worldwide expect from the service. Bringing traceability and accountability to WhatsApp would mean breaking end-to-end encryption on the platform, the company told VentureBeat.

By BeauHD from Slashdot's hide-and-seek department:An anonymous reader quotes a report from Controlled Environments Magazine: Two high-speed electron microscopes. 7,062 brain slices. 21 million images. For a team of scientists at the Howard Hughes Medical Institute's Janelia Research Campus in Ashburn, Virginia, these numbers add up to a technical first: a high-resolution digital snapshot of the adult fruit fly brain. Researchers can now trace the path of any one neuron to any other neuron throughout the whole brain, says neuroscientist Davi Bock, a group leader at Janelia who reported the work along with his colleagues on July 19 in the journal Cell.

The fruit fly brain, roughly the size of a poppy seed, contains about 100,000 neurons (humans have 100 billion). Each neuron branches into a starburst of fine wires that touch the wires of other neurons. Neurons talk to one another through these touchpoints, or synapses, forming a dense mesh of communication circuits. Scientists can view these wires and synapses with an imaging technique called serial section transmission electron microscopy. First, they infuse the fly's brain with a cocktail of heavy metals. These metals pack into cell membranes and synapses, ultimately marking the outlines of each neuron and its connections. Then the researchers hit slices of the brain with a beam of electrons, which passes through everything except the metal-loaded parts. "It's the same way that x-rays go through your body except where they hit bone," Bock explains. The resulting images expose the brain's once-hidden nooks and crannies.

By BeauHD from Slashdot's looking-out-from-the-inside department:"Russian hackers [...] broke into supposedly secure, "air-gapped" or isolated networks owned by utilities (Warning: source may be paywalled; alternative source) with relative easy by first penetrating the networks of key vendors who had trusted relationships with the power companies," reports The Wall Street Journal, citing officials at the Department of Homeland Security. "They got to the point where they could have thrown switches" and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS. The hacking campaign started last year and likely is continuing. From the report: DHS has been warning utility executives with security clearances about the Russian group's threat to critical infrastructure since 2014. But the briefing on Monday was the first time that DHS has given out information in an unclassified setting with as much detail. It continues to withhold the names of victims but now says there were hundreds of victims, not a few dozen as had been said previously. It also said some companies still may not know they have been compromised, because the attacks used credentials of actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.

By BeauHD from Slashdot's expect-the-unexpected department:An anonymous reader writes: "Scientists from the University of California, Riverside (UCR) have published details last week about a new Spectre-class attack that they call SpectreRSB," reports Bleeping Computer. "Just like all 'Spectre-class' attacks, SpectreRSB takes advantage of the process of speculative execution -- a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data. The difference from previous Spectre-like attacks is that SpectreRSB recovers data from the speculative execution process by attacking a different CPU component involved in this 'speculation' routine, namely the Return Stack Buffer (RSB)." In a research paper, academics say they've used SpectreRSB attacks to recover data belonging to other processes, and have even tricked the RSB into spilling SGX secrets. The attack works on Intel, AMD, and ARM processors, known to use RSB. The attack can also bypass all the mitigations put in place for the original Spectre/Meltdown flaws.

By BeauHD from Slashdot's hyperloop-hat-trick department:Engineering students from the Technical University of Munich have won a hyperloop competition that aims to refine the technologies that could underpin the super-fast transport system. According to the BBC, "The team's pod hit 457km/h (290mph) on a 1.2km (0.75 mile) test track." This marks the third win in a row for the team. From the report: In the latest round of the competition, the Munich team, WARR Hyperloop, outpaced rival capsules, which could manage speeds of only 88mph (Delft University) and 55mph (EPF Loop, from Switzerland), to beat its own record speed, 323km/h, set in the second competition, in September 2017. In a change from earlier competitions, all the pods being tested this time had to be self-propelled. Previously, the pods could rely on a SpaceX-built "pusher" vehicle that helped them travel down the test tube.

By BeauHD from Slashdot's get-it-while-it-lasts department:An anonymous reader quotes a report from Motherboard: Someone has uploaded what appear to be 11 of Apple's internal repair videos to YouTube. Apple did not immediately respond to a request for comment, but two sources in the repair community familiar with Apple's repair policies told Motherboard these are indeed genuine Apple how-to videos. The videos themselves have an Apple copyright on them, the host references internal Apple documentation and diagnostic tests, and, most importantly, the videos use proprietary Apple disassembly and repair tools that Motherboard has previously confirmed are manufactured by and are exclusive to Apple.The videos on how to open an iPhone X and replace its battery are particularly interesting, and show that the DIY repair community has gotten extremely good at reverse-engineering Apple's official procedures. The instructor walks the repair tech through the process of opening the case on the iPhone X in a way that closely mirrors the process that sites such as iFixit have been doing for a few years now. The video starts by instructing the tech to remove the screws near the lighting port, then inserting the iPhone X into a device that uses suction cups to pry the screen away from the body while the tech uses a small tool to cut the adhesive along the seams at the edge of the device. Apple's suction cup tool looks like a bulkier version of iFixit's iSclack tool -- a suction cup device that customers can use to disassemble and repair their own device. The video about replacing the iPhone X's battery is remarkably similar to the iFixit video of the same procedure.

By msmash from Slashdot's up-next department:An anonymous reader shares a report: This year, Google is pushing out a major revamp to its Material Design guidelines. The new design language is slowly creeping across Google's portfolio, and so far we've seen big changes for Gmail.com, early builds of Chrome, and for Android P. The Android side of things has so far only been the base operating system, but now a new Google design video has surfaced that shows off new designs for Gmail, Google Photos, Google Trips, and Google Drive. [...] The Gmail screens strip the app of its trademark red UI elements and give us a white bottom bar and white background. The phone inbox shows attached documents and even has large thumbnails for images. The message screen appears to show attachments on a horizontal scrolling carousel, which looks a lot like the horizontally scrolling news articles in the Google Feed. This screen again places the important controls down at the bottom of the screen, where a bottom bar houses the usual "Mark as Read," "Delete," "Archive," and "Reply All" buttons. We even get to see the compose screen for a second, which shows previous replies above your compose field.

By BeauHD from Slashdot's come-and-get-it department:BrianFagioli shares a report from BetaNews: Microsoft seems eager to get programmers on the quantum bandwagon, as today, it launched the open-source Quantum Katas on GitHub. What exactly is it? It is essentially a project deigned to teach Q# programming for free. "For those who want to explore quantum computing and learn the Q# programming language at their own pace, we have created the Quantum Katas -- an open-source project containing a series of programming exercises that provide immediate feedback as you progress," says The Microsoft Quantum Team. "Coding katas are great tools for learning a programming language. They rely on several simple learning principles: active learning, incremental complexity growth, and feedback." The team further says, "The Microsoft Quantum Katas are a series of self-paced tutorials aimed at teaching elements of quantum computing and Q# programming at the same time. Each kata offers a sequence of tasks on a certain quantum computing topic, progressing from simple to challenging. Each task requires you to fill in some code; the first task might require just one line, and the last one might require a sizable fragment of code. A testing framework validates your solutions, providing real-time feedback." You can view the project on GitHub here.

By BeauHD from Slashdot's all-in-the-name-of-safety department:According to American Airlines, the airline is working with the TSA to install a new bag-scanning machine at New York's John F. Kennedy International Airport. "The machine uses the same technology as CT scanners, providing a 3D image of bag's contents, and is expected to be operational in late July," reports The Verge. From the report: The new scanner, which will be used at the airport's Terminal 8 security checkpoint, will allow TSA to rotate a bag's image 360 degrees to show its contents. American Airlines says this should provide a more effective way for agents to inspect bags for explosives and other prohibited items. TSA administrator David Pekoske tells CBS News that the new machines could allow for liquids, gels, aerosols, and laptops to be left in bags. The TSA plans to have 15 of the new CT scanners at airports by the end of the year, and are authorized to purchase up to 240 of the machines, which cost $300,000 each, in 2019. The technology has also been tested at Phoenix Sky Harbor International Airport and in Boston.

By BeauHD from Slashdot's cut-to-the-chase department:An anonymous reader quotes a report from Ars Technica: Nintendo's attitude toward ROM releases -- either original games' files or fan-made edits -- has often erred on the side of litigiousness. But in most cases, the game producer has settled on cease-and-desist orders or DMCA claims to protect its IP. This week saw the company grow bolder with its legal action, as Nintendo of America filed a lawsuit (PDF) on Thursday seeking millions in damages over classic games' files being served via websites. The Arizona suit, as reported by TorrentFreak, alleges "brazen and mass-scale infringement of Nintendo's intellectual property rights" by the sites LoveROMs and LoveRetro. These sites combine ROM downloads and in-browser emulators to deliver one-stop gaming access, and the lawsuit includes screenshots and interface explanations to demonstrate exactly how the sites' users can gain access to "thousands of [Nintendo] video games, related copyrighted works, and images." The biggest amount of money Nintendo is seeking comes from "$150,000 for the infringement of each Nintendo copyrighted work and up to $2,000,000 for the infringement of each Nintendo trademark." The company has also requested full disclosure of the operators' "receipts and disbursements, profit and loss statements, advertising revenue, donations and cryptocurrency revenue, and other financial materials." LoveROMs has since removed all Nintendo-affiliated links, including ROMs and emulators, and the site announced on its social media channels that "all Nintendo titles have been removed from our site." Meanwhile, LoveRetro.co now redirects visitors to a page that reads: "Loveretro has effectively been shut down until further notice."